You can't sign in to Skype for Business or Lync clients on devices that don’t support Server Name Indication (SNI)

PROBLEM
When you use Active Directory Federation Services 3.0 (ADFS) as an identity federation provider, devices that don't support Server Name Indication (SNI) won't be able to sign in.

Note This issue currently occurs on Polycom CX phone devices and some Lync Phone Edition devices.
WORKAROUND
To work around this issue as a Skype for Business administrator, associate the SSL certificate with the ADFS web URL for each ADFS server in your environment. To do this, follow these steps:
  1. Run the following command on the ADFS servers: 
    netsh http show sslcert 
    The application ID and certificate hash is returned in the output. The website URL is also reported. If there's more than one website configured on the server, search for the website URL first, and then obtain the corresponding application ID and certificate hash.
  2. Run the following commands in the same window:
    netshHTTPadd SSLCert IPPORT=0.0.0.0:443 certhash=certhash appid=appid
    Notes
    • Replace the IP address in this command (0.0.0.0) with the IP address that you want to specify. Also replace the port value with the specific port that's configured for the website. This is typically 443 for ADFS 3.0. For most customers, binding the SSL certificate to all IP addresses is recommended.
    • The appid value must include the braces. 
For more information about these commands, go to the following Microsoft websites:
MORE INFORMATION
This issue occurs when the following conditions are true:
  • You have a Windows Server 2012 R2-based server that has ADFS 3.0 installed. 
  • There's a new Server Name Indication (SNI) feature in ADFS 3.0, but some platforms don't support this yet. Support for SNI depends on the device's operating system in question. Although the clients themselves support this new feature, the device platform may not.

Note If you need help configuring ADFS 3.0, we recommend that you contact ADFS 3.0 technical support. We also recommended that you run the most recent versions of the ADFS 3.0 components. 

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.




Still need help? Go to the Office 365 Community website.
Propiedades

Id. de artículo: 2973873 - Última revisión: 05/31/2016 19:08:00 - Revisión: 4.0

Skype for Business Online

  • o365 o365e o365p o365a o365m o365022013 kb3rdparty KB2973873
Comentarios